• Kreoo English
  • Kreoo Italian
  • Kreoo Russian
Select

CUSTOMER PRIVACY NOTICE

Dear Customer,

In compliance with European Data Protection Regulation EU/2016/679 (GDPR), we hereby inform you that as Data Controller, DECORMARMI SRL, with registered office at VIA DUCA D’AOSTA 17/E, 36072, CHIAMPO (VICENZA), certified e-mail: [email protected], VAT no. 02799900242, tax code 02799900242, will process personal data concerning you and may share/communicate your data in the course of your relationship with our company.

The data that were provided freely by you or collected in another manner will be processed in compliance with privacy laws in force, according to the principles of correctness, lawfulness and transparency, and in observance of the principles of relevance, completeness and without excess.

Therefore, as provided for by article 13) of European Data Protection Regulation EU/2016/679 (GDPR), we hereby inform you that:

1. The data provided by you will be processed for the following purposes:

  • regular performance of institutional activities and/or those provided for by the corporate purpose
  • requirements relating to the conclusion of contracts and duties, implementation, subsequent modifications or variations and for any other obligation required for the fulfilment of the same
  • operational, organisational, management, fiscal, financial, insurance and accounting needs relating to the contractual and/or pre-contractual relationship
  • fulfilment of any type of obligation provided for by laws, regulations or EU standards
  • registration, management and storage of access logs to the corporate website, the corporate information system and company locations
  • access control, company security and video surveillance
  • monitoring of the means of delivery of products/services, supplier relations and analysis and management of risks related to the contractual relationship
  • traditional marketing, online marketing, web marketing and web advertising (following acquisition of explicit consent)

2. Data will be processed manually or in a partially automated manner and may consist of the following: collection, registration, organisation, storage, consultation, use, processing, modification, selection, extraction, comparison, interconnection, transmission, communication, diffusion, deletion, destruction, blocking and limitation.

Data will be processed both on paper and using electronic, computer and telematic tools appropriate to guarantee data security and confidentiality in accordance with that established by article 32) of European Data Protection Regulation EU/2016/679 (GDPR) regarding appropriate security measures.

During processing, all technical, computer, management, logistic measures and security procedures will be applied to guarantee the minimum level of data protection provided for by law. When applied to processing, the aforementioned methods ensure data access only to the subjects specified in point 4).

3. Data provision is:

  • mandatory and does not require your consent for purposes related to obligations under European Community laws, regulations and standards.
  • mandatory and does not require your consent for all personal data indispensable for the correct establishment, management and continuation of the commercial and/or contractual relationship.
  • optional and requires your explicit consent for all personal data collected for marketing purposes or for purposes not directly and/or indirectly related to contractual, pre-contractual or legal obligations, or to protect vital interests, the performance of public duties, the exercise of powers conferred by public authorities or the pursuit of legitimate interests.

Refusal, even legitimate refusal, to provide all or some of the aforementioned data, may compromise fulfilment of your relationship with our company, and in particular, the personal data identified above as mandatory and essential, may prevent the normal conduct of business operations and the regular distribution of the requested products/services.

4. The following subjects or categories of subjects may become aware of or be communicated data:

  • Legal Representative of the Data Controller
  • Data Protection Officer (DPO) where designated
  • Data Processors:  Consultants and Consulting Firms, Freelancers, Self-Employed Persons, Technical and Engineering Firms, Agents and Representation Agencies, Banks and Insurance Companies, Credit Collection Companies, Auditors and Auditing Firms, Accounting Firms, Employment Consulting Firms, Law Firms, Transport and Logistics Companies, Contractors, Doctors and Medical Offices
  • Persons in charge of the processing: Management, Administration, Secretaries, Human Resources, Marketing, Sales, Technical And Information Systems
  • System Administrators

Personal data may be also shared, but only in aggregate and anonymous form and for statistical purposes.

Should processing also involve personal data included in “special categories of personal data” (i.e. data that may reveal racial and ethnic origin, religious, philosophical or other convictions, political opinions, membership in a political party, trade union, association or organisation of a religious, philosophical, political or trade union nature, as well as personal data that may reveal your state of health, sex life, sexual orientation, genetic and biometric data) or “legal” data (i.e. data that may reveal criminal records, administrative penalties for crimes and related pending criminal charges, or accused or suspect status), data will be processed within the limits indicated by specific measures of the Data Protection Authority and for the purposes strictly necessary for the proper conduct of company activities, operations related to the delivery of products/services and to the fulfilment of contractual/legal/regulatory obligations.

In this case, the following subjects or categories of subjects may become aware of specific categories of personal data or legal data, or may be communicated such data:

  • Legal Representative of the Data Controller
  • Data Protection Officer (DPO) where designated
  • Data Processors:  Consultants and Consulting Firms, Freelancers, Self-Employed Persons, Technical and Engineering Firms, Agents and Representation Agencies, Banks and Insurance Companies, Credit Collection Companies, Auditors and Auditing Firms, Accounting Firms, Employment Consulting Firms, Law Firms, Transport and Logistics Companies, Contractors, Doctors and Medical Offices
  • Persons in charge of the processing: Management, Administration, Secretaries, Human Resources, Marketing, Sales, Technical And Information Systems
  • System Administrators

Personal data may also be communicated to public entities, the police or other public and private subjects, but solely in compliance with legal or regulatory obligations or EU regulations.

These data will not be communicated to any subject other than those provided for in this privacy policy. Data that may reveal the data subject’s state of health will not be shared under any circumstances.

5. The data may be processed and transferred for the purposes referred to in paragraph 1) and according to the procedures referred to in point 2), including to the entities referred to in point 4) in countries belonging to the European Union and/or outside the European Union, but only based on an adequacy decision of the European Commission, adequate privacy guarantees or an authorisation by the Data Protection Authority.

6. The data will be collected and saved for the sole purposes referred to in point 1 and will be kept for a period not exceeding ten years from collection for administrative and accounting purposes and not exceeding twenty-four months for marketing purposes.

7. In any case, you may ask the Data Controller’s Legal Representative and/or the Data Protection Officer (where designated) for a copy of your personal data, information concerning the locations in which your personal data are processed and an up-to-date list with the details of all Data Processors and System Administrators authorised to process your data.

You may freely withdraw consent at any time and at no charge, without prejudice to the lawfulness of the processing done previously, and exercise your rights as data subject to the Data Controller as provided for by the European Data Protection Regulation EU/2016/679: access, correction, erasure, restriction, opposition, portability, complaint to the Data Protection Authority.

Loading